Reworking my remote notes and blogging rig
I’m wrapping a feverish rework of my remote-editing setup.
My requirements
I have two primary groups of text I want to be able to edit remotely: (a) my personal Obsidian vault, and (b) this blog.
I wrote about some of these desires here.
The old rig
The old setup was based on SSHing into the Mac Mini sitting on my home-office desk. I made it available using Tailscale, which in theory keeps things relatively secure. But since I can’t run Tailscale or any other sort of personal VPN on my work laptop, the first/best solution I found was to set up a jump host as an intermediary. More on this approach in this post.
The problems
Zed uncertainty
As I’ve written, I’m super pleased with Zed as my general-purpose editor and remote-editing enabler. Alas, I’m now getting signals that it’s going to be blocked soon on my work laptop, so I need to find a different solution to edit my notes and blog remotely. Bummer. :(
VSCode didn’t work
I’m vaguely confident that work won’t block VSCode, and VSCode also has a remote-editing feature, but it choked on my jump-host-proxied SSH setup. I tried for a couple hours and with lots of LLM help to get it working, but I never could. It could authenticate, but it’d timeout trying to set up the remote server, even when I upped the timeout setting to 3 minutes. It worked just fine in Zed. Double bummer!
Jumpy slows me down
So, Zed’s going away, and VSCode is failing me.
Why not use Neovim on the remote host over SSH?
I can and was doing that, but jumpy (the name of my jump host VM, as dubbed in my SSH config) adds an extra network hop, which in turn adds significant latency to every keystroke.
Doing any significant writing this way feels like the typing equivalent of running through mud.
I was ready to find a better approach.
The new rig
My goal was to do everything on a single, cloud-hosted VM. This would get rid of the jump host, improve SSH latency, probably let VSCode work, get rid of Tailscale, and leave my Mac Mini out of the picture.
I bought a cheap VPS instance through IONOS. They have a bit of a sketchy reputation, seemingly around billing shenanigans, but it’s the contract is inexpensive enough that I can swallow the risk.[1]
Here’s a rough outline of the process to set it up:
- Set up basic access:
- Create a non-root user for my day-to-day access. Give the user sudo access.
- Add my keys to
~/.ssh/authorized_keysso I can SSH in from my various machines. Make sure SSH now works for the other user. - Edit
/etc/ssh/sshd_configto disable root access and password auth by making sure it has the settings:PermitRootLogin no,PasswordAuthentication no,KbdInteractiveAuthentication no, andUsePAM no. - In the IONOS control panel, edit the firewall policy to expose UDP ports 60000-61000 for
moshaccess.
- Install the fish shell, set it as my default with
chsh.- I do this early in part to start taking advantage of fish’s awesome command history as I fumble around setting things up. Plus, I’ve added lots of niceties to my
config.fishover the years that I’m now accustomed to. - I downloaded the
.debinstead of installing withapt, which had too old a version.
- I do this early in part to start taking advantage of fish’s awesome command history as I fumble around setting things up. Plus, I’ve added lots of niceties to my
aptinstalls: tmux, fd, ripgrep, mosh, fuse3 (required for AppImage)- Install latest Neovim.
- I used the AppImage for this. Not sure the ideal way. The
aptversion is too old. - Fire up
nvimand make surevim.packdoes its thing successfully. Rejoice.
- I used the AppImage for this. Not sure the ideal way. The
- Install mise.
- I hadn’t used this before but had read good things about it. It seems to be a solid way to manage node versions and install other tools like chezmoi, node, fzf, lazygit, etc.
- Set up git and my core repos:
- Generate an SSH key and add it to GitHub (has my dotfiles) and Gitlab (has this blog).
- Clone my dotfiles repo and
chezmoi applyit. - Clone my blog.
- Install uv because some of my scripts depend on it.
- Set up Obsidian headless
- Do the npm install and follow the instructions to login and set up sync.
- Create a systemd unit file for running
sync --continuousfor my vault. Usejournalctlto check the logs.
That’s about it! It took me several hours to pin all of this down, since I don’t provision Linux (especially Debian) often enough to remember all the incantations. Gotta admit, Gemini was super helpful throughout.
Improvements
Obsidian headless
In the old rig, to get Obsidian Sync to pick up my remote edits, I’d just leave Obsidian running on the Mac Mini. This worked, but there was a significant lag between an edit and Obsidian syncing the file, probably because Obsidian was idling in the background and some sort of resource-optimization thingie was deprioritizing it. This was a slow and sloppy approach, not to mention an opaque one, because I couldn’t see any sync logs from the SSH session (they’re shown in the Obsidian GUI). I’d just stare at my phone’s logs until I saw the change come through.
I spent many daydreams wishing that Obsidian would release a headless-sync utility. Then, lo and behold, they did!
With the new approach, my edits sync immediately, and I can watch the logs to confirm it. Great!
Low latency & mosh
Without the jump host in the way, SSH access to the new VM feels snappy.
And I make it even snappier with mosh.
Last I checked, mosh can’t proxy through a jump host.
No reliance on the Mac Mini
Now I can treat the Mac Mini like a regular ol’ personal computer. I can put it to sleep, power it down, and not worry about exposing it to the public internet. Tailscale was a good solution to that last problem, but I’m happy to not have to think about it anymore.
Repeatability
I now have a fairly straightforward process to set up a Linux VM to do all this stuff. If IONOS gets weird or expensive, I can probably have a new VM setup in under an hour end to end.
Musings
This took a bunch of time. If I were just trying to edit some dang notes, this would have been a distressingly expensive side quest. But I love this sort of stuff. I stayed up late last night hacking on it with frenetic determination, not because I had to, but because I was obsessed. (I’m away on a business trip; this is how I party.)
I still love solving a problem with computers as much as I always have. And something about doing it on a remote machine taps into the intrigue I felt back in the early days of the internet, when connecting to some other computer somewhere “out there” felt novel and adventurous.
So this was only partially about notes and blogging. It was also an excuse to get the ol’ nerdHands dirty.
The original price for the IONOS VPS was $5/month. Cheap enough. But I went to cancel it anyway because I realized I was able to get all of this working on
jumpy(a dinky free-tier OCI VM that I originally thought was too underpowered). When I went through the cancellation workflow, it offered a 75% discount for the first year. That dropped the price to $1.25/month. Basically free. So I kept it. ↩︎
- ← Previous
Re: better blog titles